彭建山, 周传涛, 王清贤, 丁大钊. Construction Method of ROP Frame Based on Multipath Dispatcher [J]. Computer Science (计算机科学), 2018, 45(1): 240-244, 260
Construction Method of ROP Frame Based on Multipath Dispatcher
Received: 2016-11-01  Revised: 2017-03-12
DOI:10.11896/j.issn.1002-137X.2018.01.042
Keywords: ROP, gadget, LBR register, bypassing defense
Funding: This work was supported by the Natural Science Foundation of Henan Province.
Authors, affiliations and e-mail:
彭建山: PLA Information Engineering University, Zhengzhou 450002; State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450002; jxpjs@163.com
周传涛: PLA Information Engineering University, Zhengzhou 450002; State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450002
王清贤: PLA Information Engineering University, Zhengzhou 450002; State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450002
丁大钊: PLA Information Engineering University, Zhengzhou 450002; State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450002
Abstract (translated from the Chinese):
      ROP is a popular software vulnerability exploitation technique, and the contest between it and ROP detection techniques keeps escalating. The mainstream ROP detection tools kBouncer and ROPecker use the LBR registers to trace the execution of indirect branch instructions and combine this trace with ROP feature detection; they detect both traditional ROP and improved variants such as JOP effectively. Nicholas proposed a bypass method, but it suffers from a small number of usable gadgets and high implementation difficulty. This paper proposes a method for constructing an ROP frame based on a multipath dispatcher: three types of gadget modules are used to build a framework in which gadgets execute in a loop, and within this framework abundant conventional gadgets can be used, forming a complete and efficient ROP attack chain. Experiments show that the method is easy to implement, can accomplish complex ROP functionality, and leaves a small enough signature to evade detection by the mainstream ROP detection tools.
Abstract (authors' English version):
      ROP is a popular attack technique used to exploit software vulnerabilities, and it keeps evolving against ROP defense techniques. kBouncer and ROPecker are state-of-the-art ROP defense tools: they trace the execution of indirect jump instructions using the LBR registers and detect ROP characteristics, and they are effective in detecting traditional ROP and JOP. The bypassing method proposed by Nicholas has the disadvantage that it is hard to find usable ROP gadgets. This paper proposes a novel method of organizing ROP gadgets. An ROP frame is constructed that executes traditional gadgets in loops by means of a multipath dispatcher. Using this ROP frame, attackers can use plenty of traditional gadgets to execute a complete and efficient ROP chain. The test results show that this method is easy to implement and is able to perform complex functions. More importantly, the proposed ROP frame can bypass ROPecker and kBouncer because its characteristics are small enough.